ATM makers warn of 'jackpotting' hacks on U.S. machines

"Jackpotting" has been a threat to banks in Europe and Asia for some time. Thieves install malicious software on ATMs, forcing them to spit out cash on command. On Saturday, it was learned that ATMs in the U.S. have now come under attack.

ATM "jackpotting" is a very sophisticated crime, according to Krebs on Security. It involves thieves installing software or hardware on ATMs that allows the machines to spit out huge volumes of cash on demand.

While the crime is prevalent in other parts of the world, the United States had been largely left alone until this past weekend. However, Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM makers, have issued warnings about the crime after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting ATMs in the U.S., according to Reuters.

Jackpotting requires access to the machine

The thieves must first have access to the ATMs, and those being hit are usually "stand-alone" machines found in pharmacies, drive-throughs or big-box stores. "This is the first instance of jackpotting in the United States," site owner and security guru Brian Krebs told the Washington Post.

The Secret Service alert describes how the thefts are done: An on-the-street crew decked out to look like ATM technicians uses an endoscope, like you'd see at the doctor's office, to access an ATM's innards and connect the ATM's computer with their own laptop. The ATM will then seem to be out of service to legitimate customers.

This allows thieves lying in wait to use an SMS or an external keyboard to command the ATM to start spitting out cash "like slot machines" to a waiting "money mule." In other attacks, according to the Secret Service report, bills would fly out of the machines "at a rate of 40 bills every 23 seconds."

After the mule collects the money, the fake technicians come back and disconnect their equipment. According to Krebs on Security, a source who asked to remain anonymous because he was not authorized to speak on the record said the Secret Service is warning that gangs have been attacking stand-alone ATMs in the U.S. using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.